mirror of
https://github.com/rommapp/romm.git
synced 2026-06-28 06:46:00 +00:00
Backend:
- Resolve the acting user from the authenticated socket session on connect instead of trusting the client-supplied user_id, so a client can no longer spoof a "now playing" session for another user. Only rom_id/device_id come from the payload.
- Emit activity:update/clear through the already-initialised socket server instead of opening (and leaking) a fresh AsyncRedisManager per REST heartbeat.
- Collapse get_all_active's per-key GET into a single MGET.
- Drop the pure pass-through _build_activity_entry helper.

Frontend:
- Remove all activity emits from the v1 EmulatorJS Player; the v2 shell is the single driver of the activity lifecycle.
- Remove activity from the v1 UI entirely (Activity view, ActivityBtn, ActivePlayers on game details, navigation, and the now-v2-only route).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
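
The session-binding pattern the first backend item describes, as an added sketch that is not RomM's code: the user is fixed once at connect time from server-verified credentials, and event handlers read only rom_id/device_id from the payload. `ActivityHub`, its method names, the token table and the field types are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ActivityHub:
    """In-memory stand-in for a socket server (hypothetical, not RomM's API)."""
    tokens: dict                                  # auth token -> user_id (constructed)
    sessions: dict = field(default_factory=dict)  # socket sid -> user_id
    active: dict = field(default_factory=dict)    # user_id -> activity entry

    def on_connect(self, sid, auth):
        # Bind the socket to a user once, from credentials the server verifies.
        user_id = self.tokens.get((auth or {}).get("token"))
        if user_id is None:
            return False                          # refuse unauthenticated sockets
        self.sessions[sid] = user_id
        return True

    def on_activity_start(self, sid, payload):
        # The acting user comes from the session, never from the payload.
        user_id = self.sessions.get(sid)
        if user_id is None:
            return None
        try:
            # Allow-list: only these two fields are read; a client-supplied
            # "user_id" key is ignored. Types are an assumption.
            entry = {
                "user_id": user_id,
                "rom_id": int(payload["rom_id"]),
                "device_id": str(payload["device_id"]),
            }
        except (KeyError, TypeError, ValueError):
            return None                           # malformed payload: no state change
        self.active[user_id] = entry
        return entry

    def on_activity_clear(self, sid, payload=None):
        # Clearing is also scoped to the session's own user.
        user_id = self.sessions.get(sid)
        if user_id is None or user_id not in self.active:
            return None
        del self.active[user_id]
        return user_id


def demo():
    # Constructed input: user 2's socket sends a payload claiming to be user 1.
    hub = ActivityHub(tokens={"tok-alice": 1, "tok-bob": 2})
    hub.on_connect("sid-b", {"token": "tok-bob"})
    entry = hub.on_activity_start(
        "sid-b", {"user_id": 1, "rom_id": 42, "device_id": "dev-b"})
    return entry, dict(hub.active)
```
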